Bug 882115 - selinux-policy uses hardcode (pid/log) filename of qemu-ga
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2012-11-30 07:12 UTC by Amos Kong
Modified: 2015-05-25 00:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-11-30 07:25:42 UTC

Description Amos Kong 2012-11-30 07:12:31 UTC
Description of problem:

The pid/log filename of qemu-ga can be configured by /etc/sysconfig/qemu-ga.
But the new qemu-ga policy uses hardcoded filenames; things will be wrong if the user changes the default pid/log filename.

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-183.el6.noarch

Comment 1 Miroslav Grepl 2012-11-30 07:25:42 UTC
We have

filetrans_pattern(virt_qemu_ga_t, virt_qemu_ga_var_run_t, virt_qemu_ga_var_run_t,{ dir file } )
logging_log_filetrans(virt_qemu_ga_t, virt_qemu_ga_log_t, file )

which means that if a user changes it and it is in /var/run or /var/log, then it will be created with the correct labeling.

We are not able to cover all scenarios. If a user changes it to a different path, then a local policy will be needed.
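
The distinction drawn in comment 1, as an added example (not from the bug report or from the selinux-policy project): a dry-run shell helper that reads a qemu-ga sysconfig-style file and prints the `semanage fcontext` / `restorecon` commands for a pid or log path outside /var/run and /var/log. The `PIDFILE`/`LOGFILE` key names, the sample paths and the "direct child only" rule are assumptions; the type names are the ones quoted above.

```shell
#!/bin/sh
# Added example (dry run): prints commands, changes nothing on the system.
# Types are from comment 1; PIDFILE/LOGFILE key names and sample paths are assumed.

# cfg_value FILE KEY: read KEY=VALUE (optionally double-quoted) without sourcing.
cfg_value() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# classify PATH: "covered" only for files directly in /var/run or /var/log,
# the cases comment 1 says get the right label; everything else is "local".
classify() {
    case "$(dirname -- "$1")" in
        /var/run|/var/log) echo covered ;;
        *) echo local ;;
    esac
}

# plan KIND PATH: print the candidate file-context commands for a custom path.
plan() {
    case "$1" in
        pid) type=virt_qemu_ga_var_run_t ;;
        log) type=virt_qemu_ga_log_t ;;
        *) echo "unknown kind: $1" >&2; return 2 ;;
    esac
    # Accept only plain absolute paths so the printed quoting stays safe.
    case "$2" in
        /*[!A-Za-z0-9._/-]*|[!/]*|"") echo "unsupported path: $2" >&2; return 2 ;;
    esac
    if [ "$(classify "$2")" = covered ]; then
        echo "# $2: no local labeling needed ($type via existing rules)"
        return 0
    fi
    # File-context specs are regexes, so escape literal dots.
    spec=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf "semanage fcontext -a -t %s '%s'\n" "$type" "$spec"
    printf "restorecon -v '%s'\n" "$2"
    # Labeling alone grants no access: check for AVC denials afterwards.
}

# Constructed sample config, standing in for /etc/sysconfig/qemu-ga.
demo_cfg=$(mktemp)
printf 'PIDFILE="/var/run/qemu-ga.pid"\nLOGFILE=/srv/qga/qemu-ga.log\n' > "$demo_cfg"
plan pid "$(cfg_value "$demo_cfg" PIDFILE)"
plan log "$(cfg_value "$demo_cfg" LOGFILE)"
rm -f "$demo_cfg"
```

The printed commands only set the file context; if the agent is still denied access at the new location, the AVC records in the audit log show which additional rules a local policy module would have to carry.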

